Skip to content

Commit d390383

Browse files
vrutkovsvrutkovs
committed
DEBUG
1 parent db1a930 commit d390383

File tree

1 file changed

+11
-7
lines changed

1 file changed

+11
-7
lines changed

pkg/operator/certrotation/signer.go

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -158,10 +158,6 @@ func ensureOwnerReference(meta *metav1.ObjectMeta, owner *metav1.OwnerReference)
158158
func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, refreshOnlyWhenExpired bool) (bool, string) {
159159
annotations := secret.Annotations
160160
notBefore, notAfter, reason := getValidityFromAnnotations(annotations)
161-
if len(reason) > 0 {
162-
return true, reason
163-
}
164-
165161
if time.Now().After(notAfter) {
166162
return true, "already expired"
167163
}
@@ -170,6 +166,10 @@ func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, ref
170166
return false, ""
171167
}
172168

169+
if len(reason) > 0 {
170+
return true, reason
171+
}
172+
173173
validity := notAfter.Sub(notBefore)
174174
at80Percent := notAfter.Add(-validity / 5)
175175
if time.Now().After(at80Percent) {
@@ -187,19 +187,23 @@ func needNewSigningCertKeyPair(secret *corev1.Secret, refresh time.Duration, ref
187187
func getValidityFromAnnotations(annotations map[string]string) (notBefore time.Time, notAfter time.Time, reason string) {
188188
notAfterString := annotations[CertificateNotAfterAnnotation]
189189
if len(notAfterString) == 0 {
190+
klog.V(2).Infof("Validity from annotations %v: missing notAfter", annotations)
190191
return notBefore, notAfter, "missing notAfter"
191192
}
192193
notAfter, err := time.Parse(time.RFC3339, notAfterString)
193194
if err != nil {
194-
return notBefore, notAfter, fmt.Sprintf("bad expiry: %q", notAfterString)
195+
klog.V(2).Infof("Validity from annotations %v: bad notAfter expiry", annotations)
196+
return notBefore, notAfter, fmt.Sprintf("bad notAfter expiry: %q", notAfterString)
195197
}
196198
notBeforeString := annotations[CertificateNotBeforeAnnotation]
197-
if len(notAfterString) == 0 {
199+
if len(notBeforeString) == 0 {
200+
klog.V(2).Infof("Validity from annotations %v: missing notBefore", annotations)
198201
return notBefore, notAfter, "missing notBefore"
199202
}
200203
notBefore, err = time.Parse(time.RFC3339, notBeforeString)
201204
if err != nil {
202-
return notBefore, notAfter, fmt.Sprintf("bad expiry: %q", notBeforeString)
205+
klog.V(2).Infof("Validity from annotations %v: bad notBefore expiry", annotations)
206+
return notBefore, notAfter, fmt.Sprintf("bad notBefore expiry: %q", notBeforeString)
203207
}
204208

205209
return notBefore, notAfter, ""

0 commit comments

Comments
 (0)